FRET-qemu

Go to file

Michael S. Tsirkin a890a2f913 virtio: validate config_len on load

Malformed input can have config_len in migration stream
exceed the array size allocated on destination, the
result will be heap overflow.

To fix, that config_len matches on both sides.

CVE-2014-0182

Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

--

v2: use %ix and %zx to print config_len values
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:03 +02:00

audio

Add the ability to vary Spice playback and record rates, to facilitate Opus support.

2014-02-03 11:05:15 +01:00

backends

backends/baum.c: Fix compilation when SDL is not available.

2014-03-24 17:47:29 +00:00

block

curl: Fix hang reading from slow connections

2014-04-30 16:34:21 +02:00

bsd-user

cpu: Move opaque field from CPU_COMMON to CPUState

2014-03-13 19:20:47 +01:00

default-configs

usb: mtp filesharing

2014-04-23 10:28:14 +02:00

disas

libvixl: Fix format strings for several int64_t values

2014-03-10 14:56:29 +00:00

docs

savevm: Ignore minimum_version_id_old if there is no load_state_old

2014-05-05 22:15:03 +02:00

dtc @ bc895d6d09

dtc: add submodule

2013-04-18 13:50:53 +02:00

fpu

softfloat: Introduce float32_to_uint64_round_to_zero

2014-04-08 11:20:00 +02:00

fsdev

virtfs-proxy-helper: fix call to accept

2014-04-28 08:55:32 +04:00

gdb-xml

target-arm: Support fp registers in gdb stub

2013-12-17 19:42:32 +00:00

virtio: validate config_len on load

2014-05-05 22:15:03 +02:00

include

vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/

2014-05-05 22:15:03 +02:00

libcacard

Add a 'name' parameter to qemu_thread_create

2014-03-09 21:09:38 +02:00

linux-headers

linux-headers update

2014-04-25 12:59:57 +02:00

linux-user

target-arm: Define exception record for AArch64 exceptions

2014-04-17 21:34:03 +01:00

net

trivial patches for 2014-04-28

2014-04-28 13:43:17 +01:00

pc-bios

Add QEMU logo (SVG file)

2014-04-28 08:55:31 +04:00

pixman @ 97336fad32

qapi: move include files to include/qobject/

2012-12-19 08:31:31 +01:00

po: add proper Language: tags to .po files

2014-04-28 08:55:32 +04:00

qapi

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

qga

qga: trivial fix for unclear documentation of guest-set-time

2014-04-18 10:33:36 +04:00

qobject

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

qom

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

roms

pseries: Update SLOF firmware image to qemu-slof-20140404

2014-04-08 11:20:00 +02:00

scripts

scripts: add sample model file for Coverity Scan

2014-04-18 10:33:36 +04:00

slirp

slirp: Remove default_mon usage

2014-04-25 09:19:58 -04:00

stubs

qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED

2014-04-25 09:19:59 -04:00

sysconfigs/target

Eliminate cpus-x86_64.conf file

2012-09-21 15:12:58 +02:00

target-alpha

target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp

2014-04-17 11:47:42 -07:00

target-arm

vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/

2014-05-05 22:15:03 +02:00

target-cris

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-i386

target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection

2014-04-05 10:49:05 +01:00

target-lm32

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-m68k

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-microblaze

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-mips

target-mips: Avoid shifting left into sign bit

2014-03-27 19:22:49 +04:00

target-moxie

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-openrisc

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-ppc

ppc: use kvm_vcpu_enable_cap()

2014-04-30 14:39:58 +02:00

target-s390x

s390x: use kvm_vcpu_enable_cap()

2014-04-30 14:39:49 +02:00

target-sh4

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-sparc

target-sparc: fix 32bit integer division overflow

2014-03-26 23:40:40 +00:00

target-unicore32

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

target-xtensa

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

tcg

tcg-sparc: Accept stores of zero

2014-04-28 11:06:35 -07:00

tests

Block patches

2014-05-02 10:50:58 +01:00

trace

osdep: initialize glib threads in all QEMU tools

2014-03-25 13:39:31 +01:00

gtk: collection of fixes and cleanups by Cole Robinson

2014-05-01 14:17:33 +01:00

util

trivial patches for 2014-04-28

2014-04-28 13:43:17 +01:00

.exrc

qemu: add .exrc

2012-09-07 09:02:44 +03:00

.gitignore

gitignore: cleanups #2

2014-04-28 08:55:31 +04:00

.gitmodules

Add OpenHack'Ware submodule

2014-03-12 17:26:32 +01:00

.mailmap

Update mailmap

2013-09-05 09:40:31 -05:00

.travis.yml

.travis.yml: add IRC notifications for build failures

2014-03-15 13:54:18 +04:00

aio-posix.c

aio: make aio_poll(ctx, true) block with no fds

2013-12-06 16:53:51 +01:00

aio-win32.c

aio: make aio_poll(ctx, true) block with no fds

2013-12-06 16:53:51 +01:00

arch_init.c

XBZRLE: Fix qemu crash when resize the xbzrle cache

2014-03-08 22:22:34 +01:00

async.c

aio: add aio_context_acquire() and aio_context_release()

2014-03-13 14:42:24 +01:00

balloon.c

softmmu: move include files to include/sysemu/

2012-12-19 08:32:45 +01:00

block-migration.c

block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap

2014-04-22 11:57:02 +02:00

block.c

block: Fix open_flags in bdrv_reopen()

2014-04-30 11:05:00 +02:00

blockdev-nbd.c

nbd: use BlockDriverState refcnt

2013-09-06 15:25:08 +02:00

blockdev.c

Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging

2014-04-28 12:56:34 +01:00

blockjob.c

qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED

2014-04-25 09:19:59 -04:00

bt-host.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

bt-vhci.c

sysemu: avoid proliferation of include/ subdirectories

2013-04-15 18:19:25 +02:00

Changelog

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

CODING_STYLE

CODING_STYLE: Section about mixed declarations

2014-03-27 19:22:49 +04:00

configure

configure: Re-run make if gtkabi/sdlabi is changed

2014-04-29 10:46:30 +02:00

COPYING

…

COPYING.LIB

…

coroutine-gthread.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

coroutine-sigaltstack.c

Merge remote-tracking branch 'kwolf/for-anthony' into staging

2013-02-26 07:44:39 -06:00

coroutine-ucontext.c

Fix warnings suppressors to honor --disable-werror

2013-04-17 10:28:04 -05:00

coroutine-win32.c

block: move include files to include/block/

2012-12-19 08:31:31 +01:00

cpu-exec.c

cpu-exec: Unlock tb_lock if we longjmp out of code generation

2014-04-04 18:29:25 +01:00

cpus.c

misc: Use cpu_physical_memory_read and cpu_physical_memory_write

2014-04-27 13:04:18 +04:00

cputlb.c

cputlb: Change tlb_set_page() argument to CPUState

2014-03-13 19:52:47 +01:00

device_tree.c

device_tree: qemu_fdt_setprop: Rename val_array arg

2013-12-20 01:58:12 +01:00

device-hotplug.c

hw/boards: Convert current_machine to MachineState

2014-03-12 20:13:02 +01:00

disas.c

disas: Implement disassembly output for A64

2014-02-08 14:50:48 +00:00

dma-helpers.c

dma-helpers: Initialize DMAAIOCB in_cancel flag

2014-04-04 19:36:39 +02:00

dump.c

dump: add 'query-dump-guest-memory-capability' command

2014-02-28 11:52:03 -05:00

exec.c

exec: Fix CPU rework fallout

2014-03-19 19:47:15 +01:00

gdbstub.c

exec: Change cpu_breakpoint_{insert,remove{,_by_ref,_all}} argument

2014-03-13 19:20:48 +01:00

HACKING

HACKING: Document vaddr type usage

2013-07-23 02:41:31 +02:00

hmp-commands.hx

HMP: support specifying dump format for dump-guest-memory

2014-04-25 11:18:33 -04:00

hmp.c

HMP: support specifying dump format for dump-guest-memory

2014-04-25 11:18:33 -04:00

hmp.h

monitor: Add device_add and device_del completion.

2014-04-25 09:37:12 -04:00

iohandler.c

iohandler: switch to GPollFD

2013-02-21 16:17:31 -06:00

ioport.c

portio: Allow to mark portio lists as coalesced MMIO flushing

2013-10-17 17:24:15 +02:00

iothread.c

iothread: make IOThread struct definition public

2014-04-04 20:48:02 +02:00

kvm-all.c

Revert "fix return check for KVM_GET_DIRTY_LOG ioctl"

2014-04-14 15:40:02 +01:00

kvm-stub.c

Revert "KVM: Split QEMUMachine typedef into separate header"

2014-03-13 03:49:48 +01:00

LICENSE

LICENSE: clarify

2013-08-12 09:15:12 -05:00

main-loop.c

main-loop: Suppress "I/O thread spun" warnings for qtest

2014-03-13 21:36:50 +01:00

MAINTAINERS

MAINTAINERS: Add qemu-img/io to block subsystem

2014-04-25 18:05:05 +02:00

Makefile

Makefile: add qga-vss-dll-obj-y to nested variables

2014-04-07 14:39:19 -05:00

Makefile.objs

iothread: add I/O thread object

2014-03-13 14:42:24 +01:00

Makefile.target

build: softmmu targets do not have a "main.o" file

2014-02-20 13:14:18 +01:00

memory_mapping.c

cpu: Use QTAILQ for CPU list

2013-09-03 12:25:55 +02:00

memory.c

memory_region_present: return false if address is not found in child MemoryRegion

2014-03-09 21:09:37 +02:00

migration-exec.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

migration-fd.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

migration-rdma.c

rdma: rename 'x-rdma' => 'rdma'

2014-02-25 14:30:28 +01:00

migration-tcp.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

migration-unix.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

migration.c

migration: add more traces

2014-03-27 15:19:00 +05:30

module-common.c

module: implement module loading

2014-02-20 13:14:18 +01:00

monitor.c

monitor: fix qmp_getfd() fd leak in error case

2014-04-25 11:41:41 -04:00

nbd.c

nbd: move socket wrappers to qemu-nbd

2014-02-21 21:02:23 +01:00

os-posix.c

oslib-posix: Fix build on FreeBSD

2014-03-13 14:34:16 +00:00

os-win32.c

util: Split out exec_dir from os_find_datadir

2014-02-20 13:12:54 +01:00

page_cache.c

Fix two XBZRLE corruption issues

2014-02-25 14:30:28 +01:00

qapi-schema.json

block: Expose host_* drivers in blockdev-add

2014-04-25 18:05:06 +02:00

qdev-monitor.c

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

qdict-test-data.txt

…

qemu-bridge-helper.c

qemu-bridge-helper: force usage of a very high MAC address for the bridge

2013-03-28 12:58:52 -05:00

qemu-char.c

char: restore read callback on a reattached (hotplug) chardev

2014-03-13 10:33:45 +01:00

qemu-coroutine-io.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

qemu-coroutine-lock.c

coroutine: remove qemu_co_queue_wait_insert_head

2013-12-02 17:11:49 +01:00

qemu-coroutine-sleep.c

coroutine: add co_aio_sleep_ns() to allow sleep in block drivers

2013-10-30 12:22:09 +01:00

qemu-coroutine.c

coroutine: add ./configure --disable-coroutine-pool

2013-09-12 10:12:48 +02:00

qemu-doc.texi

doc: grammify "allows to"

2014-04-18 10:33:36 +04:00

qemu-file.c

migration: add more traces

2014-03-27 15:19:00 +05:30

qemu-img-cmds.hx

qemu-img: add -l for snapshot in convert

2013-12-04 15:19:00 +01:00

qemu-img.c

block: Add '--version' option to qemu-img

2014-04-29 10:36:35 +02:00

qemu-img.texi

Describe flaws in qcow/qcow2 encryption in the docs

2014-01-31 22:05:03 +01:00

qemu-io-cmds.c

qemu-io-cmds: Fixed typo in example for writev.

2014-03-19 09:39:41 +01:00

qemu-io.c

block: Add errp to bdrv_new()

2014-04-22 12:00:20 +02:00

qemu-log.c

qemu-log: default to stderr for logging output

2013-02-26 13:31:47 -06:00

qemu-nbd.c

block: Add errp to bdrv_new()

2014-04-22 12:00:20 +02:00

qemu-nbd.texi

qemu-nbd: add doc for option -f

2013-12-04 15:19:00 +01:00

qemu-options-wrapper.h

vl.c: In qemu -h output, only print options for the arch we are running as

2011-12-19 10:27:33 -06:00

qemu-options.h

vl.c: Move option generation logic into a wrapper file

2011-12-19 10:27:33 -06:00

qemu-options.hx

trivial patches for 2014-04-28

2014-04-28 13:43:17 +01:00

qemu-seccomp.c

seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist

2014-04-25 14:52:03 -03:00

qemu-tech.texi

qemu-tech.texi: update implemented xtensa features list

2012-11-29 13:00:52 -06:00

qemu-timer.c

timer: add timer_mod_anticipate and timer_mod_anticipate_ns

2013-10-17 17:31:00 +02:00

qemu.nsi

nsis: Improved support for parallel installation of 32 and 64 bit code

2013-11-07 07:02:44 +01:00

qemu.sasl

sasl: Avoid 'Could not find keytab file' in syslog

2014-03-15 13:54:18 +04:00

qmp-commands.hx

virtio-net: add vlan receive state to RxFilterInfo

2014-03-26 12:49:10 +02:00

qmp.c

qmp: object-add: Validate class before creating object

2014-04-25 11:08:34 -04:00

qtest.c

kvm: Add a new machine option kvm-type

2014-03-05 03:06:24 +01:00

README

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

rules.mak

rules.mak: Fix per object libs extraction

2014-03-17 13:21:11 +01:00

savevm.c

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

spice-qemu-char.c

spice: hook qemu_chr_fe_set_open() event to ports

2014-02-03 11:05:15 +01:00

tcg-runtime.c

tcg: Implement multiword multiply helpers

2013-02-23 17:25:28 +00:00

tci.c

tci: Mask shift counts to avoid undefined behavior

2014-04-18 16:57:36 -07:00

thread-pool.c

Add a 'name' parameter to qemu_thread_create

2014-03-09 21:09:38 +02:00

thunk.c

exec: move include files to include/exec/

2012-12-19 08:31:31 +01:00

tpm.c

Use error_is_set() only when necessary

2014-02-17 11:57:23 -05:00

trace-events

s390x/kvm: rework KVM synchronize to tracing for some ONEREGS

2014-04-25 12:59:57 +02:00

translate-all.c

page_check_range: don't bail out early after unprotecting page

2014-04-04 18:16:03 +01:00

translate-all.h

translate-all: Change tb_check_watchpoint() argument to CPUState

2014-03-13 19:20:48 +01:00

user-exec.c

tcg-aarch64: Properly detect SIGSEGV writes

2014-04-16 12:12:32 -04:00

VERSION

Open 2.1 development tree

2014-04-17 20:39:32 +01:00

version.rc

Use qemu-project.org domain name

2013-10-11 09:34:56 -07:00

vl.c

vl: avoid closing stdout with 'writeconfig'

2014-04-28 08:55:31 +04:00

vmstate.c

savevm: Ignore minimum_version_id_old if there is no load_state_old

2014-05-05 22:15:03 +02:00

xbzrle.c

xbzrle.c: Avoid undefined behaviour with signed arithmetic

2014-04-18 10:33:36 +04:00

xen-all.c

kvm: Add a new machine option kvm-type

2014-03-05 03:06:24 +01:00

xen-mapcache.c

hw: move headers to include/

2013-04-08 18:13:10 +02:00

xen-stub.c

kvm: Add a new machine option kvm-type

2014-03-05 03:06:24 +01:00

README

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team

Languages

C 83%

C++ 7.7%

Python 3%

Dylan 2.2%

Shell 1.8%

Other 2.1%